McAfee Labs has released their June 2014 Threat report and for the first time in history the McAfee “zoo” has grown beyond 200 million samples of known malware. Unfortunately it doesn’t stop there. We see a continued rise of malware, with 236 new samples detected every minute, or close to 4 every second – representing an annual growth of 49% since 2011.
The key findings from our June 2014 report are as follows:
Flappy Bird, a game released in 2013 by Vietnam-based developer Nguyen Ha Dong, was the most downloaded free game on the iOS App Store at the end of January 2014. In February, Nguyen took down the game due to concerns over its addictive nature. Since then, numerous clones have appeared on various app stores. McAfee sampled 300 of those clones and found that 79% of them contained malware. The malicious behaviors observed include making calls, sending premium SMS messages, installing additional apps, tracking geolocation and allowing root access to the device. Many hope that Nguyen will release a new version of the app which is less addictive by forcing players to take breaks. Unfortunately, that won’t entirely stop the clones from transmitting malware.
The other snake oil salesmen in the threat landscape are actually bad guys selling their wares to other bad guys. In a very good marketing campaign, the bad guys have convinced the other bad guys that they can make a fortune, in the form of Bitcoins, by adding a “currency-mining feature” to their botnets. And they’re selling them bot tools to do exactly that. The only problem is that our research has shown that it’s actually not viable due to the shortcoming of the hardware. On the positive side for users, the additional activity generated by botnets using the mining feature actually makes them more detectable!
Rootkits are those nasty little things that install themselves in front of the operating system and infect a system without most anti-virus software being aware of their existence. They do this by inserting themselves into drivers and other software which is loaded when the kernel boots up. With the move to more secure 64-bit systems and digital certificates, there had been a decline in the rootkit tally since 2008. But now we’re seeing a resurgence, as hackers have cracked the more secure 64-bit systems and are frequently using stolen digital certificates to make their malware look legitimate. However, all is not lost, as McAfee offers a Deep Defender product which, when deployed on Intel Xeon processors with vPro, detects those rootkits at boot time.
This quarter was no different from those before it, with an increase of 22% in mobile malware samples. In most cases, the malware is designed to steal sensitive information or send premium SMS messages. Not only is mobile malware taking advantage of standard platform features to do its sneaky stuff, it’s now becoming localized too. The A Android malware takes the permission granted by the user to access the device and download additional software via the pay-to-download feature, which opens the floodgates to download significant amounts of other malware. And to make matters worse, the developers have even localized the malware into Japanese – ensuring it targets even more unsuspecting users.
Want to learn more? Download the McAfee Labs 2014 June Threat Report and find out what you need to do to stay a step ahead.